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QUESTION 21 

Your network contains an Active Directory domain named contoso.com. The domain contains two 
member servers named Serverl and Server2 that run Windows Server 2012 R2. Both servers have 
the Hyper-V server role installed. The network contains an enterprise certification authority (CA). 
All servers are enrolled automatically for a certificate-based on the Computer certificate template. 
On Serverl, you have a virtual machine named VM1. VM1 is replicated to Server2. You need to 
encrypt the replication of VM1. Which two actions should you perform? (Each correct answer 
presents part of the solution. Choose two.) 



A. On Serverl , modify the settings of VM 1 . 

B. On Server2, modify the settings of VM1 . 

C. On Server2, modify the Hyper-V Settings. 

D. On Serverl , modify the Hyper-V Settings. 

E. On Serverl, modify the settings of the virtual switch to which VM1 is connected. 

F. On Server2, modify the settings of the virtual switch to which VM1 is connected. 



Answer: AC 
Explanation: 

Answer is A and C, not A and F. Virtual Switch has nothing to do with this scenario based many 

sites I've visited even TechNet. And added a couple examples with Enterprise CAas well. 

C. - Is Server 2, modify settings of Hyper-V=>Replica Server, then all the Encryption Reqs. TCP- 

443/SSL 



QUESTION 22 

Your network contains an Active Directory domain named contoso.com. The domain contains a file 
server named Serverl that runs Windows Server 2012 R2. You create a user account named Userl 
in the domain. You need to ensure that Userl can use Windows Server Backup to back up Serverl . 
The solution must minimize the number of administrative rights assigned to Userl. What should 
you do? 

A. Add Userl to the Backup Operators group. 

B. Add Userl to the Power Users group. 

C. Assign Userl the Backup files and directories user right and the Restore files and directories user right. 

D. Assign Userl the Backup files and directories user right. 



Answer: D 
Explanation: 

Backup Operators have these permissions by default: 

Back up files and directories Administrators.,^ ackup Operators 

. Restore files and directories Administrators^ ackup Operators 

Shut down the system Administrators.Backup Operators 

However the question explicitly says we need to minimize administrative rights. Since the 
requirement is for backing up the data only-no requirement to restore or shutdown-then assigning 
the "Back up files and directories user right" would be the correct answer. 
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Back up files and directories 

This user right determines which users can bypass file and 
directory, registry, and other persistent object permissions forthe 
purposes of backing up the system. 

Specif ically, this user right is similar to granting the following 
permissions to the user or group in question on all files and 
folders on the system: 

Traverse Folder/Execute File 
List Folder/Read Data 
Read Attributes 
Read Extended Attributes 
Read Permissions 

QUESTION 23 

You have a server named ServeM that runs Windows Server 2012 R2 and is used for testing. A 
developer at your company creates and installs an unsigned kernel-mode driver on ServeM. The 
developer reports that Serverl will no longer start. You need to ensure that the developer can test 
the new driver. The solution must minimize the amount of data loss. Which Advanced Boot Option 
should you select? 



A. Disable Driver Signature Enforcement 

B. Disable automatic restart on system failure 

C. Last Know Good Configuration (advanced) 

D. Repair Your Computer 



Answer: A 
Explanation: 

A. By default, 64-bit versions of Windows Vista and later versions of Windows will load a kernel- 
mode driver only if the kernel can verify the driver signature. However, this default behavior can be 
disabled to facilitate early driver development and non-automated testing. B. specifies that 
Windows automatically restarts your computer when a failure occurs C. Developer would not be 
able to test the driver as needed D. Removes or repairs critical windows files, Developer would not 
be able to test the driver as needed and some file loss 
http://technet.microsoft.com/en-us/library/jj134246.aspx 

http://msdn.microsoft.com/en-us/library/windows/hardware/ff547565(v=vs.85).aspx 
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| Advanced Boot Options 



choose Advanced options for: windows server 2012 
(use the arrow keys to highlight your choice.) 

Repair Your Computer 

safe Mode 

safe Mode with Networking 
safe Mode with command Prompt 

Enable Boot Logging 

Enable low-resolution video 

Last Known Good configuration (advanced) 

Directory services Repair Mode 

Debugging Mode 

Disable automatic restart on system failure 



Disable Early Launch An ti -Mai ware Driver 



Start Windows Normally 



Description: Allows drivers containing improper signatures to be loaded. 



QUESTION 24 

Hotspot Question 

Your network contains an Active Directory domain named contoso.com. 
You have a Dynamic Access Control policy named Policyl. 
You create a new Central Access Rule named Rulel. 
You need to add Rulel to Policyl . 
What command should you run? 

To answer, select the appropriate options in the answer area. 



Answer Area 



Add-AdCentraiAccessPolicyMernbe 
New-AdCentralAccessRuie 
Set-AdCeniralAccessPoticy 

Set- AdCentra I AccessRu le 

Answer: 



-Members 



Pciicyl 
Rulel 



Policyl 
Rulel 
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Answer Area 



Add- AdCer itr. ai Access Po I h: yr-ie mbe 



New - Ad C e n tr a I A tc e ;.s Ru le 
Set- AdCenfa I AccessPo I icy 
Set- AdCentra I AccessRu le 





Pol icy 1 




Ruiel 





-Members 



• 



Policy! 



QUESTION 25 

Your network contains an Active Directory domain named contoso.com. The domain contains two 
member servers named Serverl and Server2. All servers run Windows Server 2012 R2. Serverl 
and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in 
a failover cluster named Clusterl. You add two additional nodes in Clusterl. You have a folder 
named Folderl on Serverl that hosts application data. Folderl is a folder target in a Distributed 
File System (DFS) namespace. You need to provide highly available access to Folderl. The 
solution must support DFS Replication to Folderl. What should you configure? 



A. Affinity-None 

B. Affinity-Single 

C. The cluster quorum settings 

D. The failover settings 

E. A file server for general use 

F. The Handling priority 

G. The host priority 

H. Live migration 

I. The possible owner 
J. The preferred owner 
K. Quick migration 

L. The Scale-Out File Server 



Answer: E 
Explanation: 
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QUESTION 26 

Your network contains an Active Directory domain named contoso.com. The domain contains two 
member servers named ServeM and Server2. All servers run Windows Server 2012 R2. Serverl 
and Server2 have the Network Load Balancing (NLB) feature installed. The servers are configured 
as nodes in an NLB cluster named Clusterl . Port rules are configured for all clustered applications. 
You need to ensure that Server2 handles all client requests to the cluster that are NOT covered by 
a port rule. What should you configure? 



A. Affinity-None 

B. Affinity-Single 

C. The cluster quorum settings 

D. The failover settings 

E. A file server for general use 

F. The Handling priority 

G. The host priority 

H. Live migration 

I. The possible owner 
J. The preferred owner 
K. Quick migration 

L. The Scale-Out File Server 



Answer: G 
Explanation: 

http://technet.microsoft.com/en-us/library/bb742455.aspx 
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Installing and Managing Net™ ark Laad Balancing 

UetwMMeattaaLantjiujii *ut«»iti(*<iyrfii[sil*-d4nd cm be optionally enafcltd <vn the AAruvced Sth<ef lAdDalacenter Seivei »ersHHii of t1»e Window* 2000 
opc-raiMtc; system It operate), as an optional semce lor local area network iLirf,' connections andean nf enabled lor one L*H connection in the s,;:rm: this LAN 
connection is Miatsn as live r.-£er stfjp^er. TJo hard v. a -e changes are required 1o install and run Network L-oad B-alancing. Since it l-s compatible with aim ait all 
tlhtrntt and f itm Oumtutctl Oala mitriaic (FOOD imwor* adapter, it hit no sptcrr i< Hardwire compawany btt. 

Cnrt Neiwriii; Loan Salaneinn is enabled, ill parameters art configured uunnjti Properties dialog turn, as desoinfdi in 1l»e online help guide, me (luster it 
Hi Igned a p^Tsr)- lpGddr«3, wtiKh represents a tirtual IP address Ea wlmh all cluster hosts cespond. the remcrif contcol program prowled as a pact or HrtvcocV 
leid Balancing Villthf tf address to Identity » target gutter. Etch ejujltf host IlfV «fl4f assigned* Wfl|f5ft#'*55¥ r fi;f?i nflrtoit; traflu uniggelo thai 
particular host within the duilc. Network load BiUntma «f«i loao-oaiant* s traffic mi lh( tfettrcaseti U> address Instead. <t load-balances mtommg 1 'jidt 
Icom in LP addresses M»ti 1han Uie dedicated IP address. 



'.Vhen configuring Met*** Load Balancing It is important to entec [he dedicated LP addceSs. prim >r, IP address and other Optional virtual LP addresses intOHl* 
TCP/IP Projhf r|ifj dialog Ooi in 0id<" Ifl e<s»Ve the hojt f TCMP rtarJt tct rfspgnd to these IP Wfdacf K!. Ihf sfatatet) IP address is always entered isrft l<t 1**1 

outgoing ton.nettunf from the ciuitti hosl art sou'eed win (hit IP tentu instead o* a tuiuai ip address. othtnMte.. ieplf; to the ciuHtehoft cosiMf ot 
Mvathreiiently load balanced by ttetvierV Load Balancing and deimetectlo aiwHhee clusl*i tvast. Some services, inch as Uve Pomt4«<PMM Tunneling Protocol 
CPPTPJ ser«t. da nor a:io.v outgoing connections la be- sourced from a different LP address., and thus a dedicated LP address cannot be used with them. 

Holt nwVtf 



Eacft elurttr ftctit If assigned a unique a*j* pri'twjy in the fangt ot i to 32, while lower numben denote higher priorities. ITi* nttrt VnOt Ihe tugftest hosl {HrO'ity 
flevnest nuttier: Ic rHuej Is, oiled the ffeft^ir "sir, It handki M aent Haflre f et me itrtual IP iddrei in thai U. not loe-cificalty intended, to be io«i'6a«»n«tf "us 
ensures that sener application-: nol conflguied for load balancing only lerene clic-cM liaffic on a single host S UM default hosl tails. Ille host .-. Ihentit 
•ugliest pciocrt> tal.es over as default host- 



QUESTION 27 

Hotspot Question 

Your network contains two Web servers named ServeM and Server2. Both servers run Windows 
Server 2012 R2. 

Serverl and 5erver2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster 
contains an application named App1 that is accessed by using the name appl.contoso.com. 
The NLB cluster has the port rules configured as shown in the exhibit. (Click the Exhibit button.) 
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a pp 1 .contoso.com( 1 92. 1 68. 1 00.1 00) Properties 



Ouster IP Addresses Ouster Parameters Port Rules 



Define: po-. r^es 



Ouster IP address Start 



A* 
-. 



443 



End 

□ 



Pre! 



Mode 



Pncwty Load 



Both Single 



Both 
TCP 



Multiple 
NVjItip e 



-r -.it; 

Single 
None 



<[ 



Port Me descsptwn 



III 



Add. 



TCPand UDP traffic cSrectedta any cluster IP address that arrives on port 3D is 
hantSed by the active duster host with the smaller handling pncwty for tfrs port nJe . 



OK 



:a-ie 



Help 



To answer, complete each statement according to the information presented in the exhibit. 
Each correct selection is worth one point. 



Answer Area 



When users access the URL 
http://appl.contoso.com, ... 



If one of the nodes in the cluster 
fails, Appl is ... available. 



Answer: 



the connections fall. 

the connections are processed by a single server, 
the connections split equally among all of the servers in the ( 



always 

never 

sometimes 
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Answer Area 



:::::::::::::::: 



When users access the URL 
http://appl.contoso.com, ... 



If one of the nodes in the cluster 
fails, Appl is ... available, 



the connections fail. 



the connections are processed by a single server 
the connections split equally among alt of the servers In Hie t 



always 



never 
sometimes 



QUESTION 28 

Your network contains an Active Directory forest. The forest contains two domains named 
contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. You 
have a domain outside the forest named adatum.com. You need to configure an access solution to 
meet the following requirements: 

- Users in adatum.com must be able to access resources in contoso.com. 

- Users in adatum.com must be prevented from accessing resources in 
f abrikam. com. 

- Users in both contoso.com and fabrikam.com must be prevented from 
accessing resources in adatum.com. 

What should you create? 



A. a one-way realm trust from contoso.com to adatum.com 

B. a one-way realm trust from adatum.com to contoso.com 

C. a one-way external trust from contoso.com to adatum.com 

D. a one-way external trust from adatum.com to contoso.com 

Answer: C 
Explanation: 

domain names were changed, so understand the question well 

You need to make trust relationship where domain contoso.com trusts adatum.com. 

http://technet.microsoft.com/en-us/library/cc728024(v=ws.10).aspx 
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Trust direction 

The trust type and its assigned direction will impact the trust path used for authentication. A trust path is a series of trust 
follow between domains. Before a user can access a resource in another domain, the security system on domain controlh 
determine whether the trusting domain (the domain containing the resource the user is trying to access) has a trust relati 
logon domain), To determine this, the security system computes the trust path between a domain controller in the trustin 
trusted domain. In the following figure, trust paths are indicated by arrows showing the direction of the trust rthis is a om 




Trusting (Resource) 
Domain 



Trusted (Account) 
Domain 



All domain trust relationships have only two domains in the relationship: the trusting domain and the trusted domain, 



QUESTION 29 

Your network contains an Active Directory domain named contoso.com. The domain contains a 
main office and a branch office. An Active Directory site exists for each office. All domain controllers 
run Windows Server 2012 R2. The domain contains two domain controllers. DC1 hosts an Active 
Directory- integrated zone for contoso.com. You add the DNS Server server role to DC2. You 
discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, 
schema, and configuration naming contexts replicate from DC1 to DC2. You need to ensure that 
DC2 replicates the contoso.com zone by using Active Directory replication. Which tool should you 
use? 



A. Dnscmd 

B. Dnslint 

C. Repadmin 

D. Ntdsutil 

E. DNS Manager 

F. Active Directory Sites and Services 

G. Active Directory Domains and Trusts 

H. Active Directory Users and Computers 



Answer: F 
Explanation: 

http://technet.microsoft.com/en-us/library/cc739941 (v=ws.10).aspx 

If you see question about AD Replication, First preference is AD sites and services, then Repadmin 
and then DNSLINT. 



QUESTION 30 

Your network contains an Active Directory forest named contoso.com. The forest contains four 
domains. All servers run Windows Server 2012 R2. 
Each domain has a user named Userl . 

You have a file server named ServeM that is used to synchronize user folders by using the 

Work Folders role service. 

Serverl has a work folder named Synd . 

You need to ensure that each user has a separate folder in Synd . 
What should you do? 
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A. From Windows Explorer, modify the Sharing properties of Synd . 

B. Run the Set-SyncServerSetting cmdlet. 

C. From File and Storage Services in Server Manager, modify the properties of Synd . 

D. Run the Set-SyncShare cmdlet. 

Answer: D 
Explanation: 

http://technet.microsoft.com/en-US/library/dn296649.aspx 
PS C:\> Set-SyncShare Shared -User "ContosoGroup" 

QUESTION 31 

You have a server named Serverl that runs Windows Server 2012 R2. 

From Server Manager, you install the Active Directory Certificate Services server role on 

Serverl . 

A domain administrator named Adminl logs on to Serverl . 

When Adminl runs the Certification Authority console, Adminl receive the following error message. 



Microsoft Active Directory Certificate Services 



Cannot manage Active Directory Certificate Services. 

The system cannot find the file specified- 0x80070002 (WIN32; 2 
ERROR,FIL£,NOT_FOUND) 







OK 



You need to ensure that when Adminl opens the Certification Authority console on Serverl, the 
error message does not appear. 
What should you do? 

A. Run the Install-AdcsCertificationAuthority cmdlet. 

B. Install the Active Directory Certificate Services (AD CS) tools. 

C. Modify the PATH system variable. 

D. Add Adminl to the Cert Publishers group. 



Answer: B 



QUESTION 32 

Hotspot Question 

Your network contains an Active Directory domain named contoso.com. The domain contains a 
domain controller named DC1 and a server named Serverl . Both servers run Windows Server 
2012 R2. 

You configure the classification of a share on Serverl as shown in the Sharel Properties exhibit. 
(Click the Exhibit button.) 

You configure the resource properties in Active Directory as shown in the Resource Properties 
exhibit. (Click the Exhibit button.) 
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Active Directory Administrative Center 



Dynamic Access Control * Resource Properties 



ISS Overview 
Centos^ (Ipcfll) 

JH Dynamic Access Controf 
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Summary 
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WINDOWS POWERSHELL HISTORY 

You need to ensure that the Impact classification can be assigned to Sharel immediately. 
Which cmdlet should you run on each server? 

To answer, select the appropriate cmdlet for each server in the answer area. 

Answer Area 



DCl: 



Serverl: 



Answer: 



3 



Add- AdReso ur cePr oper tyL istMe mber 

New - AdResourceProperty 

Set-AdResourceProperty 

E.et- AdResourceProperty L is t 



Get-Fsr mC lass ificatcnPropertyDefin i t ion 
Start-Fsr mC (ossification 
Wait-Fsr reclassification 
Upd a te - FsrrnC f ass ificationPr oper ty De fin it ior 
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Answer Area 



DC1: 



Add-AdResourcePropertyLisliVtember 

Maw-ArJRBSQurrRPrnperty 

Etet-ArifiesourceFroperty | 

5 s t- AdResour ceProperty L ist 



Serverl: 



Get-Fsr rnC lass ificationPropert/Definition 
Star t-Fsr mC lass ifl cation 



Update-Fsr rnC las s feat lonPrapertyDefin [tier 



QUESTION 33 

Your network contains an Active Directory domain named contoso.com. The domain contains a 
domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the DHCP Server 
server role installed. DHCP is configured as shown in the exhibit. (Click the Exhibit button.) 



'2 

FrSe Action View Help 



DHCP 





x 



^ DHCP 

a gj dc1.contoso.com 
a |Jj IPv4 

> " : . Scope [10.1.1.0] Cont050.com 
- Server Options 
J; Policies 
a £ Fitters 

vj Allow 
Xj Deny 
\ ILlPvfi 



MAC Address Description 
There are nc items Id show in this view, 



You discover that client computers cannot obtain IPv4 addresses from DC1. You need to ensure 
that the client computers can obtain IPv4 addresses from DC1. What should you do? 

A. Activate the scope. 

B. Authorize DC1. 

C. Disable the Allow filters. 

D. Disable the Deny filters. 

Answer: C 
Explanation: 
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There is no items in the deny List. So it means that client computers MAC addresses is not listed 
in the allow list. So we have to disable the "Allow Filters" http://technet.microsoft.com/en- 
us/library/ee956897(v=ws.10).aspx 



DHCP 



File Art i on View Help 



2 DHCP 

j j| dc1.contovo.com 
A % IPv4 

[ Scope (10.1. 1.0] Contoso.com 
^| Server Options 
J2j Policies 
j 3_ Filters 

/j Allow 
X, Deny 
b i IPv6 



MAC Address Description 
There are no items to show in this view. 



QUESTION 34 

Your network contains an Active Directory domain named contoso.com. The domain contains a file 
server named Server! and a domain controller named DC1. All servers run Windows Server 2012 
R2. A Group Policy object (GPO) named GP01 is linked to the domain. Serverl contains a folder 
named Folderl. Folderl is shared as Sharel. You need to ensure that authenticated users can 
request assistance when they are denied access to the resources on Serverl. Which two actions 
should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. Assign the Read Attributes NTFS permission on Folderl to the Authenticated Users group. 

B. Install the File Server Resource Manager role service on Serverl. 

C. Configure the Customize message for Access Denied errors policy setting of GP01 . 

D. Enable the Enable access-denied assistance on client for all file types policy setting for GP01 . 

E. Install the File Server Resource Manager role service on DC1. 

Answer: BD 
Explanation: 

http://technet.microsoft.eom/en-us/library/hh831402.aspx#BKMK_1 
QUESTION 35 

Your network contains an Active Directory domain named adatum.com. All domain controllers run 
Windows Server 2008 R2. The domain contains a file server named Server6 that runs Windows 
Server 2012 R2. Server6 contains a folder named Folderl . Folderl is shared as Sharel . The NTFS 
permissions on Folderl are shown in the exhibit. (Click the Exhibit button.) 
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Advanced Security Settings for FOLDER1 




Name C:\F0LDER1 

Owner Administrators (SERVERS Administrators) V Change 

Permissions. I Aud rting 



Effective Access 



For additional information, double-click a permission entry. To modify permissions, select the entry and click Edit (if available). 
Permission entries: 



Type 


Principal 


Access 


Inherited from 


Applies to 


4», Deny 


Groupl (A£>flTUM\Group 1 ) 


Read & execute 


None 


Thisfolder, sub-folder: and file? 


• Allc 


SYSTEM 


Fulf control 


None 


Thisfolder, subfolders and files 


■' alio ■■ 


Administrators (SERVE RfAAd,,, 


Fuir control 


None 


Thisfolder, subfolders and file; 


» alio* 


CREATOR OWNER 


Fuli control 


None 


Subfolders and files only 


' allow 


Domain Users (ADATUMVDe,,, 


Read fk execute 


None 


Thisfolder, subfolders andfiles 



Remc -t 



View 



Enable inheritance 



I - Reojace all child object permissions with inheritable permissions from this object 



OK 



Cancel 



6tm 



The domain contains two global groups named Groupl and Group2. You need to ensure that only 
users who are members of both Groupl and Group2 are denied access to Folderl. Which two 
actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. Remove the Deny permission for Groupl from Folderl . 

B. Deny Group2 permission to Folderl . 

C. Install a domain controller that runs Windows Server 2012 R2. 

D. Create a conditional expression. 

E. Deny Group2 permission to Sharel . 

F. Deny Groupl permission to Sharel . 

Answer: CD 
Explanation: 

* Conditional Expressions for Permission Entries Windows Server 2008 R2 and Windows 7 
enhanced Windows security descriptors by introducing a conditional access permission entry. 
Windows Server 2012 R2 takes advantage of conditional access permission entries by inserting 
user claims, device claims, and resource properties, into conditional expressions. Windows Server 
2012 R2 security evaluates these expressions and allows or denies access based on results of the 
evaluation. Securing access to resources through claims is known as claims-based access control. 
Claims-based access control works with traditional access control to provide an additional layer of 
authorization that is flexible to the varying needs of the enterprise environment. 
http://social.technet.microsoft.com/wiki/contents/articles/14269.introducing-dynamicaccess- 
control-en-us.aspx 

QUESTION 36 

Your network contains an Active Directory forest. The forest contains a single domain named 
contoso.com. The forest contains two Active Directory sites named Main and Branchl. The sites 
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connect to each other by using a site link named Main-Branch 1 . There are no other site links. Each 
site contains several domain controllers. All domain controllers run Windows Server 2012 R2. Your 
company plans to open a new branch site named Branch2. The new site will have a WAN link that 
connects to the Main site only. The site will contain two domain controllers that run Windows Server 
2012 R2. You need to create a new site and a new site link for Branch2. The solution must ensure 
that the domain controllers in Branch2 only replicate to the domain controllers in Branchl if all of 
the domain controllers in Main are unavailable. Which three actions should you perform? To answer, 
move the three appropriate actions from the list of actions to the answer area and arrange them in 
the correct order. 



Actions 



Answer Area 



Disable site link bridging. 



Add Branch2 to the Main-Branchl site link. 



Remove Branch2 from the Main-Branchl site link. 



Create a new site link bridge named Main-Branch2. 



Create a new site link object named Main-Branch2, 



Create a new site object named Branch2. 



Answer: 



Actions 


Answer Area 


Disable site link bridging. 










Create a new site object named Branch2. 












Add Branch2 to the Main-Branchl site link. 














Remove Branch2 from the Main-Branchl site link. 













Create a new site link object named Main-Branch.2. 



Create a new site link bridge named Main-Branch2, 



QUESTION 37 

Drag and Drop Question 

Your network contains an Active Directory domain named contoso.com. The domain contains two 
servers named Serverl and Server3. The network contains a standalone server named Server2. 
All servers run Windows Server 2012 R2. The servers are configured as shown in the following 
table. 
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Server name 


Role 


Serve rl 


Active Directory Federation Services 


Server2 


Web Application Proxy 


Serve r3 


Web Server (IIS) 



Server3 hosts an application named Appl. App1 is accessible internally by using the URL 

https://appl.contoso.com. App1 only supports Integrated Windows authentication. 

You need to ensure that all users from the Internet are pre-authenticated before they can access 

Appl. 

What should you do? 

To answer, drag the appropriate servers to the correct actions. Each server may be used once, 
more than once, or not at all. You may need to drag the split bar between panes or scroll to view 
content. 



Serveri 



Server2 



ServarS 



Answer: 



Server! 



Servet'2 



Servers 



Answer Area 

Create a relying party trust: 
Enable constrained delectation: 
Run trie Publish New Application Wizard: 
Install a certificate for appl, contoso.com: 

Answer Area 

Create a relying party trust 
Enable constrained dele gat fori 
Run Th>= Publish Nqw Application Wigard 
Install a certificate fbrappl.contoso.com 



Serveri 



Server2 



Server2 



Servers 



QUESTION 38 

Your network contains two servers named Serveri and Server2 that run Windows Server 2012 R2. 
Serveri and Server2 have the Hyper-V server role installed. Serveri and Server2 are configured 
as Hyper-V replicas of each other. Serveri hosts a virtual machine named VM1. VM1 is replicated 
to Server2. 

You need to verify whether the replica of VM1 on Server2 is functional. The solution must ensure 
that VM1 remains accessible to clients. 
What should you do from Hyper-V Manager? 

A. On Serveri, execute a Planned Failover. 
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B. On Served , execute a Test Failover. 

C. On Server2, execute a Planned Failover. 

D. On Server2, execute a Test Failover. 

Answer: D 
Explanation: 

A. Server 1 is houses VM1 and it is replicated to Server2 - wrong server to failover and this 
is not a planned fail over case 

B. Wrong server correct failover type 

C. Wrong server, wrong failover type 

D. Right server and failover type 

http://blogs.technet.eom/b/virtualization/archive/20 12/07/31/types-of-failover-operations-inhyper- 
v-replica-partii-planned-failover.aspx 

http://blogs.technet.eom/b/virtualization/archive/201 2/07/26/types-of-failover-operations-inhyper- 

v-replica.aspx 

Test Failover (TFO) 



I. What is Test Failover? 



Test Failover is an operation initiated on your replica virtual machine which allows you to test the sanity of the virtualized 
workload without interrupting your production workload or ongoing replication, 



2. When should I use Test Failover? 



Think of Test Failover as an ability to non-disruptively simulate your recovery procedure in an isolated network. You should 
initiate this operation if you wish to: 

* Run minimal tests to validate if your replication is on track 

* Train your personnel on what is to be done in case of a disaster. 

* Test the recovery plan that you have built to test your preparation when disaster does strike, 



3. How should I use this feature? 



TFO is performed on the replica virtual machine by right-clicking on the VM and choosing the Test Failover operation 
(either from the Hyper-V Manager or from the Failover Clustering Manager) 
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QUESTION 39 

You have a failover cluster named Clusterl that contains four nodes. All of the nodes run Windows 
Server 2012 R2. You need to force every node in Clusterl to contact immediately the Windows 
Server Update Services (WSUS) server on your network for updates. Which tool should you use? 



A. The Add-CauClusterRole cmdlet 

Get Latest & Actual 70-412 Exam's Question and Answers from PassLeader. 



New Version Updated After 2014/7/1 - 100% Valid Ensure 



Click Here -- http://www.passleader.com/70-412.html 



SI PassLeader 

Leader of IT Certifications 

Configuring Advanced Windows Server 2012 R2 Services (70-412) 

New Version Updated After 2014/7/1 - Ensure 100% Valid 

B. The Wuauclt command 

C. The Wusa command 

D. The Invoke-CauScan cmdlet 

Answer: D 
Explanation: 

A. Adds the Cluster-Aware Updating (CAU) clustered role that provides the self-updating 
functionality to the specified cluster. 

B. The wuauclt utility allows you some control over the functioning of the Windows Update Agent 

C. The Wusa.exe file is in the %windir%\System32 folder. The Windows Update Standalone 
Installer uses the Windows Update Agent API to install update packages. Update packages have 
an .msu file name extension. The .msu file name extension is associated with the Windows Update 
Standalone Installer. 

D. Performs a scan of cluster nodes for applicable updates and returns a list of the initial set of 
updates that would be applied to each node in a specified cluster. 
http://technet.microsoft.com/en-us/library/hh847235(v=wps.620).aspx 
http://technet.microsoft.com/en-us/library/cc720477(v=ws.10).aspx 
http://support.microsoft.com/kb/934307 

http://technet.microsoft.com/en-us/library/hh847228(v=wps.620).aspx 



QUESTION 40 

Your network contains an Active Directory domain named contoso.com. The network contains a 
file server named ServeM that runs Windows Server 2012 R2. You are configuring a central access 
policy for temporary employees. You enable the Department resource property and assign the 
property a suggested value of Temp. You need to configure a target resource condition for the 
central access rule that is scoped to resources assigned to Temp only. Which condition should you 
use? 



A. (Temp. Resource Equals "Department") 

B. (Resource. Temp Equals "Department") 

C. (Resource. Department Equals "Temp") 

D. (Department. Value Equals "Temp") 



Answer: C 
Explanation: 

http://technet.microsoft.com/fr-fr/library/hh846167.aspx 
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Example 



I* eiottct f>rv»n<t imgimatisn th>t ii stored an Me Htvtn, <ht im*nct ■dti»r1«i*nt s«urrty ojH-itfions n wflit-mBWfth 
cefHiK mfMinatlsn it<urrty1« specify the rieeafst > ttnltH SMcismhty, 



Finance document! should only be read Cry member t-i (H< Finance departrneni. Memfaeii of tl»e Finance detuniwent should 
Only icceis document m Itvrir own courtlry. Onl> Finance Administrators should have v.irf* -dcces-s. An etcetfion will be 
jir*wtdf»r mtmtHri of the ?ui»n«t ncption group, ttin group hW hi. < Pead ucesf. 



Targeting: 



• R(*r>i/iie,P*pJrtm<M Conta'm FHVMKt 



Met Sf n#Ur. 
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